Is RelayState essential for SAML Identity Brokering

marcino · April 26, 2021, 2:50pm

It seems YES. Missing RelayState is enough to break the authentication on the broker.

I have done verification with hand-crafted reverse proxy, that discarded RelayState (set it to blank string).

Topic		Replies	Views
Relay State in IDP initiated SSO from external IDP Getting advice authentication , identity-brokering , saml	5	5380	February 15, 2022
Preserving client's RelayState through 3rd party SAML IDP Login Getting advice identity-brokering , saml	0	627	June 21, 2021
status:Succes from SAML - code, clientId or tabId was null - IDENTITY_PROVIDER_LOGIN_ERROR Getting advice identity-brokering	1	49448	April 26, 2021
Google IDP initiated login is failing due to empty RelayState Getting advice identity-brokering , saml	0	813	March 24, 2022
Is IDP initiated flow broken? Getting advice saml	4	1709	February 3, 2022